China

MI5 and FBI Heads Issue Joint Warning On Chinese Spying (bbc.com)

An anonymous reader quotes a report from the BBC: The heads of UK and US security services have made an unprecedented joint appearance to warn of the threat from China. FBI director Christopher Wray said China was the "biggest long-term threat to our economic and national security" and had interfered in politics, including recent elections. MI5 head Ken McCallum said his service had more than doubled its work against Chinese activity in the last three years and would be doubling it again. MI5 is now running seven times as many investigations related to activities of the Chinese Communist Party compared to 2018, he added. The FBI's Wray warned that if China was to forcibly take Taiwan it would "represent one of the most horrific business disruptions the world has ever seen."

The first ever joint public appearance by the two directors came at MI5 headquarters in Thames House, London. McCallum also said the challenge posed by the Chinese Communist Party was "game-changing," while Wray called it "immense" and "breath-taking." Wray warned the audience -- which included chief executives of businesses and senior figures from universities -- that the Chinese government was "set on stealing your technology" using a range of tools. He said it posed "an even more serious threat to western businesses than even many sophisticated businesspeople realized." He cited cases in which people linked to Chinese companies out in rural America had been digging up genetically modified seeds which would have cost them billions of dollars and nearly a decade to develop themselves. He also said China deployed cyber espionage to "cheat and steal on a massive scale," with a hacking program larger than that of every other major country combined.

The MI5 head said intelligence about cyber threats had been shared with 37 countries and that in May a sophisticated threat against aerospace had been disrupted. McCallum also pointed to a series of examples linked to China. [...] The MI5 head said new legislation would help to deal with the threat but the UK also needed to become a "harder target" by ensuring that all parts of society were more aware of the risks. He said that reform of the visa system had seen over 50 students linked to the Chinese military leaving the UK. "China has for far too long counted on being everybody's second-highest priority," Wray said, adding: "They are not flying under the radar anymore."

Iphone

Apple Launches iPhone Security Tool To Block Targeted Attacks (bloomberg.com)

Apple introduced a security tool for iPhone, iPad and Mac devices that is designed to prevent targeted cyberattacks on high-profile users such as activists, journalists and government officials. From a report: The optional feature, called Lockdown Mode, will offer "extreme" protection for a "very small number of users who face grave, targeted attacks," Apple said Wednesday in a statement. The tool vastly reduces the number of physical and digital ways for an attacker to hack a user's device. Apple said the feature is aimed primarily at trying to combat attacks from "spyware" sold by NSO Group and other companies, particularly to state-sponsored groups.

[...] Lockdown Mode will affect the Messages app, FaceTime, Apple online services, configuration profiles, the Safari web browser and wired connections. With the tool in place, the Messages app will block attachments other than images and disable link previews. Those are two common mechanisms that hackers use to infiltrate devices remotely. The web browser, another frequent conduit for hackers, will also be severely limited, with restrictions on certain fonts, web languages and features involving reading PDFs and previewing content. In FaceTime, users won't be able to receive calls from an individual that they haven't previously called within the preceding 30 days.

Security

Hotel Giant Marriott Confirms Yet Another Data Breach (techcrunch.com)

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests' credit card information. From a report: The incident, first reported by Databreaches.net Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel in Maryland into giving them access to their computer. "Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer," Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. "The threat actor did not gain access to Marriott's core network."

Movies

Inside the Dying Art of Subtitling (cnet.com)

The wildly popular series Squid Game drew criticism for its English subtitles. Just how did those happen? CNET News: Subtitlers contend with unrealistic expectations, tight deadlines and competition from clunky machine translation. Often, their work goes underappreciated, under the radar. Sometimes Uludag would be sent a file to translate at 11 p.m. -- "and they would say we need it by 8 a.m." Without skilled subtitlers, movies such as historic Oscar winner Parasite are lost in translation. Yet the art of subtitling is on the decline, all but doomed in an entertainment industry tempted by cheaper emerging artificial intelligence technologies. Subtitlers have become a dying breed.

And this had been the predicament before the world started watching a little show called Squid Game. In 28 days, Squid Game leapfrogged Bridgerton as Netflix's most popular series ever. It also inadvertently started a global conversation about bad subtitles. While critics lauded the South Korean battle royale-themed drama for its polished production values, gripping story and memorable characters, many accused Netflix of skimping on the quality of Squid Game's English subtitles.

A prime example: Ali, the Pakistani laborer, shares a touching moment with Sang Woo, an embezzler who graduated from Korea's top university. Sang Woo suggests Ali call him hyung, instead of sajang-nim or "Mr. Company President." The term hyung literally translates as "older brother," a term used by a man to address an older man with whom he has formed a closer bond. That's Ali and Sang Woo. Yet, the line "Call me hyung" was translated as "Call me Sang Woo." A rare moment of compassion and humanity, amid all the gloom and gore, was lost. [...]

Yet Netflix, which abandoned its in-house subtitling program Hermes one year after its launch in 2017, is interested in a different area of translation: dubbing. It's not hard to see why. For example, 72% of Netflix's American viewers said they prefer dubs when watching Spanish hit Money Heist, Netflix's third most popular show ever. Unfairly criticized, underfunded and facing a lack of support from the entertainment industry, subtitlers are on the brink. At least the Squid Game controversy illuminated an unsung fact: Good subtitles are an exceptionally difficult art.

Businesses

FedEx To Close Data Centers, Retire All Mainframes By 2024, Saving $400 Million (datacenterdynamics.com)

FedEx is to close its data centers and retire all of its remaining mainframes within the next two years. Speaking during the FedEx investor day, FedEx CIO Rob Carter said the company is aiming for a "zero data center, zero mainframe" environment based in the cloud, which will result in $400 million in savings annually. From a report: "We've been working across this decade to streamline and simplify our technology and systems," he said. "We've shifted to cloud...we've been eliminating monolithic applications one after the other after the other...we're moving to a zero data center, zero mainframe environment that's more flexible, secure, and cost-effective. Within the next two years we'll close the last few remaining data centers that we have, we'll eliminate the final 20 percent of the mainframe footprint, and we'll move the remaining applications to cloud-native structures that allow them to be flexibly deployed and used in the marketplace and business. While we're doing this, we'll achieve $400 million of annual savings."

Windows

Microsoft Finds 'Raspberry Robin' Worm in Hundreds of Windows Networks (bleepingcomputer.com)

"Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors," reports BleepingComputer.

The "Raspberry Robin" malware (first spotted in September) spreads through USB devices with a malicious .LNK file. Although Microsoft observed the malware connecting to addresses on the Tor network, the threat actors are yet to exploit the access they gained to their victims' networks. This is in spite of the fact that they could easily escalate their attacks given that the malware can bypass User Account Control (UAC) on infected systems using legitimate Windows tools. Microsoft shared this info in a private threat intelligence advisory sent to Microsoft Defender for Endpoint subscribers and seen by BleepingComputer....

Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd.exe to launch a malicious file stored on the infected drive. It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads...

Microsoft has tagged this campaign as high-risk, given that the attackers could download and deploy additional malware within the victims' networks and escalate their privileges at any time.

Security

How Bug Bounty Platform HackerOne Handled Its Own 'Internal Threat' Actor (hackerone.com)

Bug bounty platform HackerOne has "a steadfast commitment to disclosing security incidents," according to a new blog post, "because we believe that sharing security information far and wide is essential to building a safer internet."

But now they've had an incident of their own: On June 22nd, 2022, a customer asked us to investigate a suspicious vulnerability disclosure made outside of the HackerOne platform. The submitter of this off-platform disclosure reportedly used intimidating language in communication with our customer. Additionally, the submitter's disclosure was similar to an existing disclosure previously submitted through HackerOne... Upon investigation by the HackerOne Security team, we discovered a then-employee had improperly accessed security reports for personal gain. The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

This is a clear violation of our values, our culture, our policies, and our employment contracts. In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future. Subject to our review with counsel, we will also decide whether criminal referral of this matter is appropriate.

The blog post includes a detailed timeline of HackerOne's investigation. (They remotely locked the laptop, later taking possession of it for analysis, along with reviewing all data accessed "during the entirety of their two and a half months of employment" and notification of seven customers "known or suspected to be in contact with threat actor.")

"We are confident the insider access is now contained," the post concludes — outlining how they'll respond and the lessons learned. "We are happy that our previous investments in logging enabled an expedient investigation and response.... To ensure we can proactively detect and prevent future threats, we are adding additional employees dedicated to insider threats that will bolster detection, alerting, and response for business operations that require human access to disclosure data...."

"We are allocating additional engineering resources to invest further in internal models designed to identify anomalous access to disclosure data and trigger proactive investigative responses.... We are planning additional simulations designed to continuously evaluate and improve our ability to effectively resist insider threats."

Crime

Reuters: 'How Mercenary Hackers Sway Litigation Battles' (reuters.com)

Reuters shares the results of its investigation into what it calls "mercenary hackers": Reuters identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom battle by sending them password-stealing emails. The messages were often camouflaged as innocuous communications from clients, colleagues, friends or family. They were aimed at giving the hackers access to targets' inboxes and, ultimately, private or attorney-client privileged information.

At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found.

The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also draws on a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets over a seven-year period. The database is effectively the hackers' hit list, and it reveals a down-to-the-second look at who the cyber mercenaries sent phishing emails to between 2013 and 2020.... The targets' lawyers were often hit, too. The Indian hackers tried to break into the inboxes of some 1,000 attorneys at 108 different law firms, Reuters found....

"It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles," said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

The legal cases identified by Reuters varied in profile and importance. Some involved obscure personal disputes. Others featured multinational companies with fortunes at stake. From London to Lagos, at least 11 separate groups of victims had their emails leaked publicly or suddenly entered into evidence in the middle of their trials. In several cases, stolen documents shaped the verdict, court records show.

Reuters spoke to email experts including LinkedIn, Microsoft and Google to help confirm the authenticity of the data they'd received, and reports that one high-profile victim was WeWork co-founder Adam Neumann. (After Reuters told him he'd been targeted starting in 2017, Neumann hired a law firm.) "Reuters reached out to every person in the database — sending requests for comment to each email address — and spoke to more than 250 individuals. Most of the respondents said the attempted hacks revealed in the email database occurred either ahead of anticipated lawsuits or as litigation was under way."

America's FBI has been investigating the breachers since at least early 2018, Reuters reports, adding that pressure is now increasing on private eyes who acted as go-betweens for interested clients.

Meanwhile, Reuters found former employees of the mercenary firms, who told them that the firms employed dozens of workers — though "a month's salary could be as low as 25,000 rupees (then worth about $370), according to two former workers and company salary records...

"Asked about the hacker-for-hire industry, an official with India's Ministry of Justice referred Reuters to a cybercrime hotline, which did not respond to a request for comment."

Google

Google Launches Advanced API Security To Protect APIs From Growing Threats (techcrunch.com)

Google today announced a preview of Advanced API Security, a new product headed to Google Cloud that's designed to detect security threats as they relate to APIs. TechCrunch reports: Built on Apigee, Google's platform for API management, the company says that customers can request access starting today. Short for "application programming interface," APIs are documented connections between computers or between computer programs. API usage is on the rise, with one survey finding that more than 61.6% of developers relied on APIs more in 2021 than in 2020. But they're also increasingly becoming the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing unsecured APIs to the public and partners.

Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. The service regularly assesses managed APIs and provides recommended actions when it detects configuration issues, and it uses preconfigured rules to provide a way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot. [...] With the launch of Advanced API Security, Google is evidently seeking to bolster its security offerings under Apigee, which it acquired in 2016 for over half a billion dollars. But the company is also responding to increased competition in the API security segment.
"Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time consuming and requires considerable resources," Vikas Ananda, head of product at Google Cloud, said in a blog post shared with TechCrunch ahead of the announcement. "Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards... Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code."

Piracy

Russians Are Searching For Pirated Microsoft Products and Switching To Linux (yahoo.com)

Nkwe writes: Russians are searching for pirated Microsoft software online after the US tech giant halted sales in the country over its invasion of Ukraine, the Kommersant newspaper reported earlier this week. Russia-based web searches for pirated Microsoft software have surged by as much as 250% after the company suspended new sales on March 4, according to Kommersant. In June so far, there's been a 650% surge in searches for Excel downloads, the media outlet added. Microsoft said earlier this month it's significantly scaling down business in Russia, joining a long list of companies winding down businesses in the country amid sweeping sanctions over the war in Ukraine. The move hits Russia hard because the country relies on foreign software to power many of its manufacturing and engineering tech systems, Bloomberg reported on Tuesday. Russian government agencies, too, are switching from Microsoft's Windows to the Linux operating system, the Moscow Times reported last Friday. Developers of Russian systems based on the Linux open source operating system are also seeing more demand, Kommersant reported. Not all sectors are able to swap out their systems easily.

Security

Employee Shared OpenSea User Email Addresses With an 'Unauthorized' Party (protocol.com)

An employee working for OpenSea's email delivery vendor misused their customer data access to download and share email addresses with an "unauthorized external party," the NFT marketplace wrote in a company blog post Wednesday. The employee worked for Customer.io. From a report: OpenSea said customers who have shared their emails in the past "should assume" they were affected and will receive an email from opensea.io with more information. Customer.io launched an investigation into the issue, and the incident was reported to law enforcement. "Your trust and safety is a top priority," OpenSea wrote. "We wanted to share the information we have at this time, and let you know that we've reported the incident to law enforcement and are cooperating in their investigation."

Network

A Wide Range of Routers Are Under Attack By New, Unusually Sophisticated Malware (arstechnica.com)

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday. From a report: So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, infecting routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate. The discovery of custom-built malware written for the MIPS architecture and compiled for small office and home office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive and remain undetected is the hallmark of a highly sophisticated threat actor.

IT

Gmail's Redesigned Interface, Featuring Chat and Meet, Now the New Default (techcrunch.com)

Gmail is now rolling out a new user interface that will show Chat and Meet sections on the side pane by default. From a report: Google introduced this new integrated view earlier this year through opt-in options, so you had to manually enable Chat and Meet panes. However, as the new phase of the rollout is starting, the company will force you to opt out if you want the classic Gmail view. Google says the change is rolling out to Google Workspace customers and users with personal Google accounts alike. This includes Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline and Nonprofits, as well as G Suite Basic and Business customers, and Google Workspace Individual users. Only Google Workspace Essentials customers will not see the change, or those Workspace customers that have only been provided access to Gmail and not other apps.

Windows

Windows 10's 22H2 Update Might Not Actually Do Much of Anything (arstechnica.com)

The Windows 11 22H2 update is working its way through Microsoft's Windows Insider testing channels, and we'd expect it to begin rolling out to Windows 11 PCs at some point in the next few weeks or months. But Microsoft has had almost nothing to say about the next major update to Windows 10 beyond the fact that the operating system will keep getting yearly updates for the foreseeable future. From a report: And the Windows 10 22H2 update is actually already out there for those who know how to install it. Neowin has published a list of commands that can be typed into the Command Prompt or Windows Terminal to turn a fully updated Windows 10 21H2 install into a 22H2 install. The commands use Microsoft's Deployment Image Servicing and Management (DISM) tool to make tweaks to your Windows install and require the optional KB5014666 update for Windows 10 to be installed first. The catch is that enabling Windows 10 22H2 doesn't actually seem to do much beyond incrementing the version number on the "About Windows" screen.

Security

Cyber Pirates Prowling Ship Controls Threaten Another Big Shock (bloomberg.com)

An anonymous reader shares a report: In February 2019, a large container ship sailing for New York identified a cyber intrusion on board that startled the US Coast Guard. Though the malware attack never controlled the vessel's movement, authorities concluded that weak defenses exposed critical functions to "significant vulnerabilities." A maritime disaster didn't happen that day, but a warning flare rose over an emerging threat to global trade: cyber piracy able to penetrate on-board technology that's replacing old ways of steering, propulsion, navigation and other key operations. Such leaps in hacking capabilities could do enormous economic damage, particularly now, when supply chains are already stressed from the pandemic and the war in Ukraine, experts including a top Coast Guard official said.

"We've been lucky so far," said Rick Tiene, vice president with Mission Secure, a cybersecurity firm in Charlottesville, Virginia. "More and more incidents are happening, and the hackers are getting a better understanding what they can do once they've taken over an operational technology system. In the case of maritime -- whether it be the ports or the vessels themselves -- there is a tremendous amount that could be done to harm both the network and physical operations." Rear Admiral Wayne Arguin, the Coast Guard's assistant commandant for prevention policy, said shipping faces cyber risks similar to those in other industries -- it's just that the stakes are so much higher given that almost 80% of global trade moves on the sea. While Arguin declined to put a number on the frequency of attempted break-ins, he said "I feel very confident that every day networks are being tested, which really reinforces the need to have a plan."
"That universe includes not just ship operators but port terminals and the thousands of logistics links in global supply chains that are increasingly interconnected," the story adds.

Google

Google Moves To Keep Campaign Messages Out of Spam (axios.com)

Google has asked the Federal Election Commission to green light a program that could keep campaign emails from ending up in spam folders, according to a filing obtained by Axios. From a report: Google has come under fire that its algorithms unfairly target conservative content across its services, and that its Gmail service filters more Republican fundraising and campaign emails to spam. Republican leadership introduced a bill this month that would require platforms to share how their filtering techniques work and make it illegal to put campaign emails into spam unless a user asks. Google's pilot program, per the June 21 filing, would be for "authorized candidate committees, political party committees and leadership political action committees registered with the FEC." It would make campaign emails from such groups exempt from spam detection as long as they don't violate Gmail's policies around phishing, malware or illegal content. Instead, when users would receive an email from a campaign for the first time, they would get a "prominent" notification asking if they want to keep receiving them, and would still have the ability to opt out of subsequent emails.

AMD

RansomHouse Extortion Group Claims AMD as Its Latest Victim (techcrunch.com)

AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claims to have extorted data from the U.S. chipmaker. From a report: An AMD spokesperson told TechCrunch that the company "is aware of a bad actor claiming to be in possession of stolen data," adding that "an investigation is currently underway." RansomHouse, which earlier this month claimed responsibility for a cyberattack on Shoprite, Africa's largest retailer, claims to have breached AMD on January 5 to steal 450 GB of data. The group claims to be targeting companies with weak security, and claimed it was able to compromise AMD due to the use of weak passwords throughout the organization.

"An era of high-end technology, progress and top security... there's so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion," RansomHouse wrote on its data leak site. "It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on -- all thanks to these passwords." Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch there's no reason to doubt the group's claims.

Security

Google Warns ISPs Helped Distribute Hermit Spyware (engadget.com)

Google is warning of a sophisticated new spyware campaign that has seen malicious actors steal sensitive data from Android and iOS users in Italy and Kazakhstan. Engadget reports: On Thursday, the company's Threat Analysis Group (TAG) shared its findings on RCS Labs, a commercial spyware vendor based out of Italy. On June 16th, security researchers at Lookout linked the firm to Hermit, a spyware program believed to have been first deployed in 2019 by Italian authorities as part of an anti-corruption operation. Lookout describes RCS Labs as an NSO Group-like entity. The firm markets itself as a "lawful intercept" business and claims it only works with government agencies. However, commercial spyware vendors have come under intense scrutiny in recent years, largely thanks to governments using the Pegasus spyware to target activists and journalists.

According to Google, Hermit can infect both Android and iOS devices. In some instances, the company's researchers observed malicious actors work with their target's internet service provider to disable their data connection. They would then send the target an SMS message with a prompt to download the linked software to restore their internet connection. If that wasn't an option, the bad actors attempted to disguise the spyware as a legitimate messaging app like WhatsApp or Instagram.

What makes Hermit particularly dangerous is that it can gain additional capabilities by downloading modules from a command and control server. Some of the addons Lookout observed allowed the program to steal data from the target's calendar and address book apps, as well as take pictures with their phone's camera. One module even gave the spyware the capability to root an Android device. Google believes Hermit never made its way to the Play or App stores. However, the company found evidence that bad actors were able to distribute the spyware on iOS by enrolling in Apple's Developer Enterprise Program. Apple told The Verge that it has since blocked any accounts or certificates associated with the threat. Meanwhile, Google has notified affected users and rolled out an update to Google Play Protect.

Communications

Google Hangouts is Shutting Down in November

After sunsetting Google Hangouts for Workspace users in February, Google's now beginning the process of migrating free, personal Hangouts users to Chat. In an announcement posted to its blog, Google says people who still use the Hangouts mobile app will see a prompt to move to Chat. From a report: As for users who use Hangouts in Gmail on the web, Google says it won't start prompting users to make the switch to Chat until July. Hangouts will remain usable on its desktop site until November, and Google says it will warn users "at least one month" in advance before it starts pointing the Hangouts site to Chat.
